How to install the Linux system free firewall (CSF)

Guidance: CSF is currently the best free firewall in Linux. Although the Linux system itself is relatively secure, as a server provided to users, we should try not to streaking. I have heard of this software before, but I thought it was very troublesome to install it, so I didn't pay attention to it. I tested it today and found it very easy to use.

For self-use servers, the backup work is well done, and no one else can afford it, not very worried about security issues. However, for servers provided to users, it is necessary to do some security work.

Previously, Zookeeper introducedIptables settings, It seems too troublesome, so you can install the best free firewall in the currently recognized Linux:CFS.

The installation of CFS is very simple, and there is a graphical management interface under the Cpanel and DirectAdmin panels, which is very convenient to use.Install CFS

Run the following command to install CFS:

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Detection iptalbes module:

perl /etc/csf/csftest.pl

If you have installed the following command:

sh /etc/csf/remove_apf_bfd.sh

In this way, the CFS is installed. For the DirectAdmin panel, we mainly set two places in the background:

CFS security level settings

Log on to the DirectAdmin panel, find the bottom ConfigServer Firewall & Security Options, go to the CFS interface, find the Firewall Security Level option, and click to enter, as shown in:

There are three security levels. Just select one that suits you.

Detailed CFS parameter settings

Find the Firewall Configuration option. We mainly care about these parameters: TCP_IN, TCP_OUT, UDP_IN, UDP_OUT, ICMP_IN, and ICMP_OUT.

In addition, CFS stops running every five minutes by default to prevent users from remotely connecting to the server due to incorrect settings. When we confirm that all settings are correct, we should set the TESTING value in the Firewall Configuration option to 0 and restart CFS.

For environments that do not support GUI settings, modify the following configuration files:

URL of the CSF configuration file:/etc/csf. conf

Whitelist:/etc/csf. allow

Blacklist:/etc/csf. deny

Modify the port, and set the value of TESTING to 0 to disable the test mode.

Uninstall CFS

Run the following command to uninstall CFS:

d /etc/csf
sh uninstall.sh